Summary: Keep up with the demands of today's remote workforce. Enable secure mobile access to critical apps and data without compromising security. Choose from a variety of scalable secure mobile access (SMA) appliances and intuitive Mobile Connect apps to fit every size business and budget.

Desc: SonicWALL SMA suffers from an XSS issue due to a failure to properly sanitize user-supplied input to several parameters. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session. The WAF was bypassed via form-based CSRF.

Desc: SonicWALL NSA suffers from an XSS issue due to a failure to properly sanitize user-supplied input to the ‘curUserName’ GET parameter in the ‘appFirewallSummary.html’ script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.

Desc: Dell SonicWALL GMS suffers from multiple SQL injection vulnerabilities. Input passed via the GET parameters ‘searchBySonicwall’, ‘firstChangeOrderID’, ‘secondChangeOrderID’ and ‘coDomainID’ is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The Department of Homeland Security (DHS) has released a Joint Analysis Report (JAR) that details Russian malicious cyber activity, designated as GRIZZLY STEPPE. This activity by Russian civilian and military intelligence services (RIS) is part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and private sector entities.

DHS recommends that network administrators review the Security Publication for more information and implement the recommendations provided.

Any remote user can access the victim server through a blind SQL injection in a component of aweb_cartwatching_system and aweb_cart_autosave. This is the code that has the unsanitized parameters:

2. Proof of Concept

option=com_virtuemart&view=categorysearch’ RLIKE (SELECT * FROM (SELECT(SLEEP(5)))sgjA) AND ‘jHwz’=’jHwz&task=smartSearch

It works, and I can access every database on the client system by launching other queries.

3. Solution:

Update to version 2.6.1 from the Joomla update center. The Joomla VEL published the vulnerability. Answer from Joomla VEL: “We have added it to the VEL here: https://vel.joomla.org/resolved/1897-aweb-cart-watching-system-2-6-0” Vendor: http://awebsupport.com/